By mistake I installed software that I downloaded via a peer-to-peer file share. The download was tarned as "Adobe Indesign 2.0 Build 416 -full-download.zip". After Installation I had a program on my systhem that included a fastdownload-vain folder in my Program Files folder and contained a fastdown.exe and a fastdown.adl file. There were 2 more folders, 1of them was called XDiver. I tried to uninstall via add/remove software but it was not listed. So I removed all 3 Folders and there content.

But the trouble is not over when I am connected to the Internet everz once in a while a window will pop up and direct me to a sex site. What is it? What should I have done differently and what can I do now?

I noticed a openme.exe file in my windows folder. Could that have something to do with it?

Have you checked the file with an Anti Virus scanner ?
Whatever you do, don't run that file.
Right click it and check the Properties - does it give you a clue as to where it comes from.
A Trojan virus could be launched from a file with a name like that...sure sounds suspect to me.
My advice would be to delete it.

I had a similar problem recently.
The solution was to clean my IE history, cookies and temp internet files.
Also, check using msconfig that nothing dodgy and/or related to fastdownload is being loaded at Windows startup.
Run a virus checker to ensure that there are no nasties on your system. Also check for spy/adware using ad-aware (download from zdnet.com). Clean anything that ad-aware finds.
Doing all this cured the problem for me.
As for openme.exe, I also thought that my problem could be related to this file. However, when I renamed it (so it would not be triggered) the problem was still there. Remove the file if you want, but I suspect that it has nothing to do with your problem.

Ok, thanks for your replies let me tell you some more I found out:
on startingWindows it would just since recently show brieflz a dialoge box "...Extracting Html files". When I renamed the openme.exe file I resarted the computer a warning would come up say ing "openme.exe not found." What on earth is this trying to do, why extracting HtML files?
However, I am happy to delete this file but that does not seem to be all. I definately don't want this message to pop up all the time so what could I do that this whole thing doesn't even start on startup. There must be another file.
I did scan everything with my anti virus software. No viruses fond.

Then let me ask another question. When I open the dioalogue box for the current internet connection there seems to be a lot of data transfer going on, sent as well as received bytes even though I don't do anything, not even the browser is open. What's goin on there?
I don't have a firewall as it is "just" my little laptop at home and I use the Internet only occasionally. Should I install a firewall?

I did this one stupid little download+installation last night and a really long download. And now the trouble has started with programms closing down on me because if the famous invalid page. And all this after the whole software incl. Win98 has just been reinstalled last week. Untill last nicht everything was fine. Norton Utilities repaired some stuff but things seem still to be a bit dogy. Sorry, just wanted to cry a bit....
So. please help me with this openme.exe stuff decribed earlier

Thanx

You need to find out where openme.exe is being run from.
1. Run MSCONFIG and look on Startup tab
Disable it if in there.
2. Also look in WIN.INI file in C:\Windows
Delete from the RUN= line or LOAD= line if it is there.
3. And SYSTEM.INI in C:\Windows
Delete any reference to the file if found there.
4. Then maybe do a search in the Registry for OPENME.EXE, and delete anything found

I'm not that blessed with computer knowledge, so I have to ask: 1. What is and HOW do i rin MSCONFIG; 2. What is and How do I search the Registry?

Thanks a lot

Go to START / RUN and type MSCONFIG in the Open box, press OK

For the Registry, go to START / RUN and typr REGEDIT in the Open box, press OK
When registry opens, click My Computer at top of list
Then click EDIT, then click FIND
In the Find What box, type OPENME.EXE
Then click Find Next
If nothing is found there, a box will come up to tell you that.
If you do find something, post back with where it is located in the Registry, so we can tell you what needs to be done.

I know this might sound kinda extreme but if what Spirelli and Krystyna told you doesn't work, and this is really bothering you, you had mentioned that you reinstalled win 98 lastweek. Well if you havn't installed a bunch of stuff or done alot with the PC since then, why don't you just format the HD. Again this might sound kinda extreme but again if you just installed stuff last week this might be the simplest thing.

Contracting a computer virus, could be.
Computers contract viruses by running infected programs or opening infected files downloaded from a network, internet, or received from an infected disk- but not from opening standard email messages. Viruses can only spread when you run (execute) an infected program, and email is text only. You can, however, get a virus from opening an email attachment. A highly-suspect file in this regard would be an attachment with an .exe file extension (for example, "openme.exe"). The files name is stimulating your brain to open it. A Trojan Horse name could
be openme.EXE.

A Trojan Horse could overwrite your partition table, etc.

Some useful info here No disrespect intended to Krystyna or any other poster, but if you're a novice, I wouldn't advise you to start messing around in the Windows Registry. You can do more damage than good if you don't know what you're doing.
I would recommend you download a program called Tauscan which is a first class anti-Trojan application. You can use it on free trial basis for 30 days. It's capable of removing practically every Trojan virus currently floating around. You can also update its database weekly.
It's worth a try anyway.

the problem goes deeper than ya think , this is launched from the registry !!!!!!

Ok, first of all, look for the file OPENME.EXE in your windows registry. Before deleting it, make sure you unload it from your memory (I love XP). Then, remove it EVERYWHERE you see it. There will be ONE key which defines the explorer. This key will say:
"Explorer.exe openme.exe"

What this probably does, is look at openme.exe as a shell. So, as soon as you close it, it will re-start (just like Explorer). Make sure you DO NOT delete that key!! Just remove the OPENME.EXE from the key.

I just removed this myself.

click start..run...sysedit
in the system.ini file find the line that reads "shell=explorer.exe openme.exe"

Carefully delete "openme.exe" and save the file, then reboot.

By the way...then download adaware and run it.. thats what I did and it found a bunch of ad/spyware...

I had the same problem. I solved it by deleting "openme.exe" from my Windows folder (run search to find exactly where it is). Then you edit out the line "openme.exe" on the Explorer line in system.ini. For those who do not know how to open system.ini, open the "Run" dialog box from the start menu and type in system.ini. If you can't find openme.exe, use the find option in the top bar menu in the sytem.ini folder. This drove me nuts and I spent hours coming up with this solution. I hope it works as well for you.

I've got the same hoax one my machine. As described I found the openme.exe in c:\windows. On top of I found this entry in the boot-section of system.ini: "shell=Explorer.exe openme.exe"

By every bootup he loaed my standard-browser and tried to open a certain .html file in "c:\temp" (wich I deleted before I encountered the hoax).

I recommend you delete the entry out of system.ini, all files in your temp directories and "c:\windows\opnme.exe".

Since I'm running on firewall I can tell you that I didn't log any supicious packets sent to WAN (but as I mentioned already the file he tries to load is already deleted).

I'm curious...where did the openme.exe originate? Did it come via email, wrapped up in a .zip file, downloaded? Could you tell me the site? I've eliminated the file on the system, but I'd like to find out where the user got it. Thanks for your help.

I got the same thing and I followed the above advice, and it worked. I think I downloaded mine from KazaA as a file that claimed to give fast downloads. It added network connections as well. I deleted all that right away, but the openme thing I didn't catch until I rebooted. It also gave my Norton antivirus a "program not responding" popup when I shutdown. I also noticed windows explorer starting and bringing up a window of C:\Program Files\Microsoft\Highlighter. I have no idea what it is or is supposed to do, but I quarantined it in a different folder just in case. I ran Norton antivirus before I started this and it didn't find anything! (Most recent update files installed)

I've done the same darn thing! UGH!!!

I tried everything to delete the file/programs....it still kept popping up. Norton didn't find anything for me either. And, this "openme.exe" I didn't know anything about until I read it on here.

I went into the registry and found all of these: openme, Alexa, HTML, and fastdownload; all when I did a search for "openme".

So, a heads up to all of you with this problem. I was about to reformat....

i came across the same problem must have downloaded it from kazza. i have followed the above directions and found the fiel in the system.ini file so have deleted it and saved.hopefully this has fixed the problem.my nortons antivirus did not pick this up, have also visited nortons site but they have nothing on this so called virus.

OK, another neat feature of this annoying "virus". I tried to reinstall Norton Antivirus because I didnt pay for it and it was expired. I found that I coudn't reinstall Norton an dit was driving me crazy, until I was reading here. I am on Win2k. I cntrl+alt+del and went into the task manager and ended the openme.exe and all of a sudden the Norton antivirus install popped up. So it appears that the openme.exe is attempting to disable the norton install procedure.

THANKS!!!! I got the *openme* one week after I formatted because of it. this site showed me how to get rid of it !!!!! I got mine from Limewire, needless to say I won't be going there again!!!

I have the same problem running windows XP, however the openme.exe doesn't exist in any *.ini files. I noticed that OPENME.EXE-01957B17.pf was also in the windows/prefetch folder on windows xp. A search of the registry for "openme" yielded no results. Also a text search of all files on the computer for "openme" yielded no usefull results.

Hey, I located that same file in WIN after downloading something from KaZaA too! I deleted it, and have tried to do what you all have said about deleting the line from System.ini...but I can't locate that line anywhere. (I've got XP by the way) And now that I've deleted the file, I keep getting an error message (of course) each time I start up Windows. I saw this line that makes me think its the problem...does anyone know if it is the line I should get rid of?
EventLogError=WR_EVENT_LOG_95::Open(): CreateFile() failed.

If you've installed WinXP or 2k I think openme.exe is run from the Win-Registry. Well, I'm on Win98SE and I found the entry in the system.ini by looking for it everywhere ('cause this error-message was terrible ... I don't wanted to see it after every boot.)

I think, openme.exe has got some backup-files, that could be deleted, too. I searched my Win-directory for "opennme" and I found two or three other files called openme.*** in the C:\Windows\System - directory. I erased all of them. After that, I cleaned the system.ini, so there were no more files like "openme.exe" and all these reg-keys. It's quiet now ... the error-message doesn't pop up any more.
I hope this could help some of you.

Thank you ...Guys I got it from morpheus nascar full download zip

Here's the deal:
1)Comes from running a program probably from a file sharing service
2)Found in system.ini - delete the openme.exe words ONLY
3)Not found in registry
4)Is ad/spyware
5)Can be embarassing when the President of your company walks by and sees hardcore porn pop up on your desktop (personal experience)

i got win 98 SE
Mine was found in C:\windows\system.ini
and the shell=explorer.exe openme.exe
and one file found in C:\windows\ called openme.exe
i also use kazaa, but since yesterday i use a program called kazaalite (www.kazaalite.tk) that's kazaa without the spyware I don't think this spyware/adware util was installed by kazaa itself, but it's possible though

thanks for all the great advice

Anyone with problems with XP and OpenMe.exe...go to registry in this spot and you'll find the problem!

I found it under HKEY+LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogin.
The Shell key was set as 'explorer.exe openme.exe' I've changed this to just 'explorer.exe'. And it worked!!! No more problems!

I'm having the same problem as all of you guys! I went into my system.ini and killed it. However, as I was looking around in my registry, I saw a whole file for Kazaa. I deleted this 2 days ago. 2 questions.

1) Should I bother with it? I mean can it still cause trouble???

2) How do I delete that from my reg. with out screwing my system up.

I just got rid of it!!!!
I'm running XP.
1) ctrl+alt+del
2)click PROCESSES
3)Highlite openme.exe
4)END PROCESS then OK
5)go to START->RUN
6)type regedt32
7)click FIND
8)type openme.exe
9)the first one it finds
!!ONLY DELETE openme.exe!!!
!!NOT THE WHOLE LINE!!!
10) click FIND NEXT
Press DELETE on each one until you see
one that says EXPLORER.EXE OPENME.EXE
11) highlite that line and click MODIFY
12)!!ONLY DELETE OPENME.EXE!!!
(not explorer.exe)
Continue until you find no more.
Close REGEDT32
13)START->FIND
search for all files and folders for openme.exe.
14)when found, locate and DELETE!!!
15)empty recycling bin and reboot.

Follow steps EXACTLY!!!!
Any mistakes, your system will be worse than it is now!!
Good luck.

I use Windows 98/Office 2000 and downloaded what I thought was a version of FrontPage via Morpheus. I have deleted what I thought was the appropriate files suggested and noticed that the small "marker" that was showing on bottom left-corner of desktop icons had removed. I could also connect through the browser quicker and shut down ok.
However, I have booted up tonight and noticed the mark is back on the desktop icons and when I click on links from e-mails I am unable to connect to the web sites with the browser closing down. Can anyone suggest anything else I may have missed?

By the way, I have just searched on openme and a whole list of files have appeared including:

msmsgs in C:\Program Files\Messenger
132[2] in C:\Windows\Temp Internet
Files\Content.IE5\YSEY7BSY and
outlook.pst in C:\Windows\Local Settings\Application Data\Microsoft Outlook

Should these be deleted as well? I am getting concerned now and the antivirus software I am using (AVG) doesn't pick up anything.

I'm running Windows 2000 & am having/finding almost identical items on my computer in the same places. I'm ready to get rid of this %@#*! thing, but I would like to know if anyone knows if there is anything different that I need to do because of Win2k. Any other places to look, different things I will find, or a different procedure to erase this thing??
Any input would be GREATLY appreciated.
Thanks.

if anyone can tell he how to delete the file from my registry, please e-mail me and I'll try whatever and if it don't work I'll tell u, and if it does I'll thank you can call u the king of all computers and bow at your feet.

Thanks to all for the info - I am trying now to delete that *%*#*% openme.exe thing - I hope it works - I believe I got this file through Bearshare or kazza - (now searching for anything relating to these names and deleting all) !!
Will never download those programs again !!!
I tried a lot of the ways described to get rid of it but to no avail: I am banking on WINGNUT's to be the one that will fix it.
wish me luck
Thanks again
Goldi

I've also found on my system in registry the key:
HKEY_LOCAL_MACHINE\SOFTWARE\ALifestyle\acocash
where I found two more keys refering to "fastdownload5" and all that stuff.

mine's from morpheus too, download nascar file before too, but that was long ago, and i only gotten the virus recently. my problem should be from a mechcommander 2 install file i downloaded

I don't know how old this string is, but last night I was up til about 5 in the morning investigating this stupid file on my computer. I found it to be annoying in the beginning having it bottleneck my network. It runs from a feed program called rundli.exe you need to delete this file immediatly... This also spurs off another program called wow.exe this program sets off the information via the internet. Also the wow.exe program stores unsent information in a database type file within the same directory. I run win2000 and found in my registry settings a c:\winnt\*dave* a hidden none viewable file.... I deleted all of this and found out where I contracted this damn trojan from.... It's from a hacked voodoo3 OpenGL drivers. I think I got most of it gone but still fighting it....

I'm having the same problem. I just found this article- "This backdoor copies itself with the EXPIORE.EXE name to the Windows directory and with the name of RUNDLI.EXE to the Windows\system directory. It then modifies the SYSTEM.INI "shell" section to execute the program each time when Windows starts up, or the registry run field. When executed it tries to connect to wnp.icq.com with a user id of 111138. This id is owned by a hacker who calls himself "Of Hacker Anarchy Warrior". TheThing sends a message to him and this way the hacker can see that the program is used on the actual machine. Then the local program starts to listen therefor the hacker can start to communicate and get information from that particular machine. To remove it, someone has to delete this file and the RUNDLI.EXE from the system directory and fix the SYSTEM.INI shell section to remove the executed EXPIORE.EXE from there/or from the RUN field of the registry"

Hope this helps somebody.

Ok, I'll be brief.
Have the same problem as you guys. Got infected from Kazaa, etc... Running Windows ME. Found it at least in windows.ini (well do more search and removing now).

Norton Antivirus just updated to the latest virus definitions (version 40417f 04/17/02). It lets openme run, but then apparently it createds a file called "index.htm" in your wiundows Temp directory. This file is blocked by NA as Trojan horse and openme shows a dialog box saying something about not being able to start html services ;-)

I looked at the html file in question -- apparently it just has a couple of lines of html code opening some web site. didn't try going there, but I'd bet $100 against $1 that it's the porn site ad...

I've deleted all the files mentioned - thanx for advice. However, I am unable to activate web sites via e-mail links - the browser keeps crashing and asking if I want to send an error report to Microsoft - does anyone know if this is part of the openme.exe or if it is a bug in Microsoft update files?

I had this same thing happen to me. I downloaded the same file and it installed fastdown.exe and openme.exe. openme.exe was immediatly detected by my virus checker, and I deleted it. Then I had to delete the references to it from my registry. Then fastdown.exe got executed automatically, even though I thought I had removed it from my registry. I also found it was associated with a file called jur.exe and also C-a-s-i-n-o.exe and a site called upx.tsx.org also A Lifestyle GmbH and acocash NetService

Thanx everybody for these usefull informations, I experienced the same openme-story ... I think this forum becomes a really "Anti Openme Tutorial" :)

It seems to be different for win 9X/ME users and for Win 2K/NT/xP users.

But everybody must do this if you want to delete this ^$¨*¨µ openme... :
-read this forum-page completely
-look for system.ini, win.ini, ...etc and delete lines about openme
-search your cpu for openme and delete
-search your cpu for fastdownload and delete
-search your cpu for 5-2-46 and delete
-search your cpu for rundli and delete
-go here in your registry HKEY_LOCAL_MACHINE\SOFTWARE\ALifestyle\acocash and delete openme related keys
-go here in your registry HKEY+LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogin and rename "explorer.exe openme.exe" in "explorer.exe" by right-clicking + modify
-search your cpu for *.jur and delete
-delete your temp and temporary internet files folders
-reboot

I also just want to say that i found an internet account in: internet explorer>>tools>>internet options>>connections
This account contains "fastdownload" and "jur" in its name, you must delete it.

BTW, some porn icons appears (on my desktop) when I was receiving porn popups. There names were "5-2-46" or another fastdownload related name. Here is the emplacements of these icons:
-2 on the desktop
-1 in the start menu bar
-maybe others (look for "5-2-46" on your cpu.

That's all and BE STRONG to get rid of OPENME AND FASTDOWNLOAD

Thanks for the help on this page.
I just noticed the openme.exe bits today (my NA kept coming up with the index.exe file as a trojan) I removed it from system.ini (shell) already but found it in the registry on a few spots as well.
Also, I had the problem with the porn add showing up every once in a while. Not exactly the president of my company who saw it, but my wife didnt quite appreciate it either, I hadnt yet linked that with the openme.exe bits but i hope it doesnt come up again. For some odd reason when I tried searching for some help on this thing with ixquick (searchengine) it tried to download the openme.exe from there, not sure why but I am not using that engine for a while (it had such oddities in the past as well I must admit)Anyways, thanks again :)

OK THIS IS THE SOLUTION
IF YOUR RUNNING ANYTHING BUT WINXP - THEN GO DELETE THE FILE IN C:\WINDOWS AND THEN GO TO START--RUN AND TYPE IN SYSTEM.INI
THEN WHERE YOU SEE THE LINE SHELL=EXPLORER.EXE OPENME.EXE, DELETE THE OPENME.EXE BIT. LEAVETHE EXPLORER.EXE PART ALONE.

WITH WINXP DELETE THE FILE FROM C:\WINDOWS AND THEN GO TO START--RUN AND TYPE IN REGEDIT. CLICK ON EDIT AND THEN FIND AND TYPE IN OPENME.EXE EVERY TIME SOMETHING COMES UP DELETE IT ND THEN PRESS F3 TO SEARCH FOR THE NEXT ONE. WHEN YOU GET TO A FILE CALLED SHELL, RIGHT CLICK IT AND CLICK ON MODIFY DATA. THERE YOUL SEE EXPLORER.EXE OPENME.EXE. DELETE THE OPENME.EXE BIT BUT LEAVE THE EXPLORER.EXE BIT. THEN QUIT AND RESTART AND EVERYTIHING SHOULD BE FINE

This is part of an auto dialer program for a netherlands erotic chat and porn site. It was found to be contained in several downloads (one of them disguised as a Harry Potter trailer for the new movie- often found on Kazaa and Morpheus)and causes various porn pop-ups including the Dang Bang-Bus stuff Grrrrrr!!!
It will dial in and tends to get very unstable if not remved all in one hit. Openme.exe is part of it and so it the fast-download vain program.

You will find the Openme.exe in the windows folder c:/windows/openme.exe You will also find a Log for it. Do a search for files named. The folders associated with the vain program will be in the program folder.

follow everything they are saying here if running and win 9X os. As for xp i sure hope what someone else has posted here works for you.
This little nasty is a proverbible Pain the the A$$!!!

Good Luck

There is also a line in startup that you should remove.

C:\windows 5-1-34-1.exe -m
and anything that has to do with fastdown.exe

I had this same problem! One clue is don't download anything on per-per that is below 57k. It reads as a link to the software that you are going to be downloading. When you start that BOOM that is when everthing is installed on your computer. It has taken me a long time to get it cleaned up off my computer!

At least I can let my kids use my computer again!! That pop-up window was sooooo bad!

Ruth

By the way, it also installs webdialer that it tries to dial out. You need to uninstall that.

I am having problems finding openme in regedit. or reged32. The only place I find it listed is under search and I removed all referance to it. Can someone tell me what I am doing wrong. I didn't find an anything linking to explorer but I know it is.

I have also noticed on bootup under tasks that are running I have IEXPLORER.exe running and I don't have explorer open. I kill this manually. After openme.exe and fastdown.exe out of were taken out of startup in msconfig I get errors that these files are still being looked for! GRRRRRRRR

I want this off my computer, at least the windows are not popping up!

you are the smartest people in the world your suggestions worked on windows 2000 the same as win xp, going into the regestry and fixing the explorer.exe openme.exe to explorer.exe
thank you

Hi Guys,

Dont forget to check the properties of your dial up accounts. This bugger changed the default account to a premium number.

I have recently contracted this nasty on Windows XP and concur with what Bigboudda and Michael have said. Follow what Bigboudda has suggested to get rid of it (nasty thing !). One extra bit of information i can add that I have not seen listed here after reading all the posts is this :

My Norton Anti-Virus (V8.07.17c) detected 2 trojan horse files in C:\Documents and Settings\YOURUSERNAME\Local Settings\gdbr (i THINK it was gdbr or some such directory similar to that - i cant quite remember as i have gotten rid of the damn thing now !) which were both called Index.html and Index2.html or some such. If you look under the Local Settings dir you will see what i mean anyway. When i deleted this directory (once norton alerted me of the trojan files) i kept getting the HTML error message when i rebooted. Everything seemed find if i ignored the message but eventually I got the Norton message again as it somehow redeployed and the gdbr directory and trojan html files were back again !. If you follow Bigboudda's steps you will get rid of it.
Hope this confirmation and extra info helps !

sorry, a correction to previous email....(i checked my norton log entries) the directory to look under is :

C:\Documents and Settings\YOURUSERNAME\Local Settings\TEMP

you will then find something along the lines of the following:

a directory called GDG20, gdg6 or similar file...it must create random dir names ?

under here it creates index.htm which norton cant repair...here some example log entries my norton : (hope this helps).

Date: 20/04/2002, Time: 14:20:40, Darren on MY_PC
The file
C:\DOCUME~1\DARREN\LOCALS~1\TEMP\GDG20\INDEX.HTM
is infected with the Trojan Horse virus.
Unable to repair this file.

Date: 20/04/2002, Time: 14:20:40, Darren on MY_PC
The file
C:\DOCUME~1\DARREN\LOCALS~1\TEMP\GDG20\INDEX.HTM
is infected with the Trojan Horse virus.
Access to the file was denied.

Date: 20/04/2002, Time: 14:20:40, Darren on MY_PC
The file
C:\DOCUME~1\Darren\LOCALS~1\Temp\gdg6\index.htm
is infected with the Trojan Horse virus.
Unable to repair this file.

Date: 20/04/2002, Time: 14:31:24, Darren on MY_PC
The file
C:\DOCUME~1\Darren\LOCALS~1\Temp\gdg1\index.htm
is infected with the Trojan Horse virus.
Unable to repair this file.

Hey all-
Just want to say a BIG thank you for everyone who posted here with info on how to remove this.
You are all great, and I appreciate your help.
Don

To all of you who have posted messages, a big thanx.
I had this same Openme.exe file on my system.

First of all the Pop Up kept appearing, it would boot me off the net and try and dial in to a sex line. It seemed to be regenerating itself from somwhere. So I deleted all sus files....A few days later, Nortons Av popped up on Reboot and said i had a Trojan Horse....file name was Index.htm Nortons quarantined this file, and i deleted it. Everytime the computer was rebooted the same thing came up only there was a number after the file name, different number each time. After deleting these files everytime and doin a full system scan...the file still kept appering on start up. I ran an update for Nortons this morning and another full system scan, and Nortons picked up the File Openme.exe and quarantined it. I deleted the Openme.exe file from Nortons Av, and on reboot a message appeared, could not find file openme.exe. After reading some messages posted here i went to sysedit and found the shell=Explorer.exe openme.exe and deleted OPENME.exe part only. And there you have it problem solved.....
So thank you to all.

Spent all of yesterday getting rid of this. Wish i had found this site yesterday..... would have saved a lot a time.
Main thing seems to be to delete all files associated with it and also the openme bit in the ini file.

Hi

I also have the same problem here. My Norton Antivirus detects the openme.exe file but is unable to delete it. I tried to manually delete it but it says "Access denied. Make sure the disk is not full or write protected." What do I do?

I need help.

Faizal

My greatest admiration to you all for such a
splendid forum, as being most constructive
among all that I have encountered..

openme.exe was found on my comp. running
win2k-pro. I followed most of the steps
that were foretold here. Though, among the
latest two, I have found something that
resembles my own problem. There were files
in the temp-folder under ADMINSITRATOR/local
settings/ and I deleted them, though I was
unable to remove these two folders, though
they were empty:

_wa3sktmp
(contains 2 under-directories:default/Studio)

and

gdg1

the error said that there has been a sharing
violation (being in use or something), even
though that I had removed openme.exe. But as
I am writing, I am realising that I didn't
reboot, so I will right after this message!

However, there is one more thing: In the
registries, I found following:

HKEY+LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Current Version\WOW

with these curious values for:
1. setupprograms: setupprogramName:
setup install inst imposta ayarla felrak eviewset

2. wowfax: DriverNames: WINFAX E-FAX MAXFAXP Quick Link II Fax Quick Link Gold Procomm Plus

also a whole bunch of things in
boot.description and boot, under the same
registry (WOW)

Questions? Of course!!! What am I suppose to
do with this? Also, I need to confirm if
under the same registries, the winlogon-
folder says the same as everyone else in
regards of Vmapplet (rundll32, shell32,
Control_rundll "sysdm.cpl)??

Also, if anyone can look for the following
registries in their systems, subsequently
running win2k (pro): HotFix. The values for
these are not as suspicious as others, but
say that it is a pre-sp3 thing.. anyone who
has installed win2k service pack knows what
I mean... so, I will be awaiting reponses
with tremendous eagerness. Also, keep up the
work...

my best wishes too all freedom-fighters *lol*

NighDark

ps: I play Unreal, so anyone eager to have a
go, come oooooooooooon, sissies!! :)

well, at least you all got it good...
im not sure if its related with the openme.exe trojan/virus but my second hd failed after my lil o brother dwnloaded sumthin from kazaa, which, i later found out that he downloaded some nascar zip file...

there goes my mp3s and my site backup files..:P

I got it from Limewire too, why I oughta...!

I really need help i'm having trouble with that dame openme file. Unforchinatly i found this site to late. I already managed to deleat the file, I don't remember how!! But now i'm getting a error message when opening windows that is tell me that Windows cannot find open.exe chex if you entered the name correctley and try again.

Anybody please help me fix this!!!

Faizal

It could be that the program is running in the background. If so, you can probably use task manager to find out, the file is in use and you can't delete it. Other solution could be to delete it form dos. By the way I'm no expert so don't do anything you might regret on my acount, please....

The solution worked fine for me.

Tnx to you all

Good luck,

Bernhard

Hi Ben

Thanks a lot. I finally got rid of it by deleting thru DOS. Thanks again.

Faizal

The baby has a name now:
http://www.symantec.com/avcenter/venc/data/w32.dss.trojan.html

hey...i too had the openme.exe problem....I deleted the exe pretty easily, but got an error message saying it couldn't be found each time my puter started up. there was no help found in searching the registry or msconfig, but i did a simple find files search and searched for text within the file. my system config file had an entry under [boot] of explorer.exe openme.exe
I deleted openme.exe and saved it and now it works.....someone above said they found this in the registry, but like i said...i had no luck in regedit. btw, i'm running win98 if it should make any difference

Ivé got it too!
Thanks for all gr8 suggestions but i can still not delete the file from my windows folder Grrrr! And an index fili in documents and setting are also unable to delete. Anyone have an idea what to do?

Success!

This is how i managed to throw this shi.. out of win xp pro.
Start/Run regedt32 search for openme.exe and delete those found, when u come to the file shell "explorer.exe openme.exe" rightclick and modify, remove only "openme.exe" from the name and close. Make sure you have found everything and then close regedt32. Then search your PC for openme.exe in the ordinary searchprog, and delete everything called openme. First i could not delete the file openme.exe in my windows folder and index files in Documents and settings/yourusername/local settings/temp. I did like this and it worked! Reboot your PC in safemode (press F8 during startup and choose safemode/enter. Login as administrator and delete the openme.exe from your windowsfolder, now reboot to normal mode and you will be able to delete the index files!

Good luck!

One mor thing! Download AdAware 5.71 from www.lavasoft.com and install it it cleans most of the spywares out of your PC!

Norton AV with the newest virus definitions (after 24/4/2002) automatically isolates/removes the w32.dss.trojan (openme.exe) completely.

I had the same problem with openme.exe and installed new definitions of Norton AV. It deleted the program but new dialog box (showing that file "openme.exe" wasn't found)appeared once machine was rebooted.
I suggest to execute MSconfig.exe (C:\WINDOWS\VCM) and then select "Sistem.ini". Will appear a lot of folders. Double click first of them ("Boot") an then disable where appears "shell=Explorer.exe openme.exe"
It's necessary to reboot your machine.
It functions with me

thanks
Bruno

I'm on WindowsXP. By following Wingnuts advice (post 29) I deleted the openme.exe files. I downloaded System Mechanic from www.iolo.com and discovered that fastdownload was still running on start up. I was able to delete it. Then I was able to delete the fastdownload folder and contents in my Program Files folder. I cleaned system with all of System Mechanics tools and just finished a Norton scan which found nothing. So I think it's all fixed. Gawd I love my MACS!

I had this trouble, however i have never edited my registry before so i went into tools internet options, security and set the security level on the restircted site one to the highest level by just diableing every option. i then added:
http://hardcore-showgirls.eww.de
http://217.69.237.130
(which is the site which popped up for me)
and they stopped showing up howevere the openme.exe file still runs in the background this is a fix for people less confident in changing the resitry like myself

Ok now i dont know how i did it but every time i start windows a message comes up saying "Openme.exe make sure path are correct and all required libraries are available' its doing my head in hellllp .... i think it might have got it of kazza or some site but i cant get it off....what's more it's slows my peuter down ,,,, too much

Internet Explorer is extremely slow after I got that openme trojan. Does anyone have a simular experience? If so how to fix that?

I have XP and tried a lot of the stuff and it didn't seem to help. I ended up replacing openme.exe with an executable that does absolutely nothing. Problem avoided and I don't need to spend any more time on it.